On 1/4/06, Ted Unangst <[EMAIL PROTECTED]> wrote: > On 1/3/06, knitti <[EMAIL PROTECTED]> wrote: > > cgd gives users some choice over how to build their encrypted partition. > > you're able to use different ciphers. > > in the unlikely case of a cipher getting broken, you have the possibility to > > switch instantly, using a tool you know with stable code an the same way > > you configured it. > > this is really not that useful. why would you pick anything other > than "the best" when setting it up?
because no one knows what the best is. blowfish appears to be the best at the moment, because its secure and fast. some other people don't like block sizes of 64 bit. so perhaps they take aes, which is slightly slower but encrypts blocks of 128 bit. is it for no reason, that swap encryption uses aes over blowfish? > and after it's setup, you can't > change. the idea that once a cipher is broken you could migrate is > nice, but think about it. are you equipping all your servers with > double storage so that you can copy and reencrypt everything? i doubt > anyone has thougt more than 10 seconds about what the migration > procedure would really be. a pain in the ass. but you can plan for it. > anyway, it's not that hard to switch > ciphers in svnd. how critical is your timeframe? can you wait 24 > hours to upgrade? no one besides you (the developers) knows, how quick an upgrade would be possible. 24h _is_ really fast, and a week would probably suffice too, for most people. I think this rocks, but no one knew it would be that fast. > > you're able to change your passphrase without reencrypting your container. > > not really, or at least not any more so than with svnd. encrypting with your passphrase (as would be the easy way with svnd) is using a weaker keyspace than encrypting with a generated key. but you are right, that would be possible with svnd too. --knitti